
Troy Mursch, the co-founder of Bad Packets LLC, said that the issue was detected on the company’s honeypots. Threat actors began scanning for vulnerable Orange modems from December 21.

The vulnerability used to exploit the Orange modems was first discovered in 2012. It could allow hackers to obtain the Wi-Fi passwords and network IDs (SSIDs) of modems just by gaining access to the modem’s get_getnetworkconf.cgi.
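For defenders who want to check their own edge or honeypot logs for this scanning, the following added example (not code from Bad Packets or from the original article) counts requests for the CGI endpoint, spelled here as get_getnetworkconf.cgi, per source IP. The combined access-log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote, urlsplit

# Endpoint named in the article; everything else here is an assumption.
TARGET = "get_getnetworkconf.cgi"

# Assumed log format: Apache/nginx "combined" access log.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [21/Dec/2018:03:14:07 +0000] "GET /get_getnetworkconf.cgi HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [21/Dec/2018:03:14:09 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "-"
198.51.100.7 - - [22/Dec/2018:11:02:55 +0000] "GET /%67et_getnetworkconf.cgi?x=1 HTTP/1.1" 404 0 "-" "-"
192.0.2.10 - - [23/Dec/2018:08:00:00 +0000] "GET /GET_GETNETWORKCONF.CGI HTTP/1.0" 200 512 "-" "-"
203.0.113.5 - - [23/Dec/2018:09:30:00 +0000] "GET /docs/get_getnetworkconf.cgi.txt HTTP/1.1" 200 90 "-" "-"
not a log line
"""

def is_probe(request_target):
    """True if the URL-decoded path's last segment is the config CGI."""
    path = unquote(urlsplit(request_target).path)
    return path.rsplit("/", 1)[-1].lower() == TARGET

def summarize(log_text):
    """Per source IP: probe count, answered probes (HTTP 200), first/last seen."""
    hits = defaultdict(lambda: {"count": 0, "answered": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_probe(m["target"]):
            continue  # unparseable line or unrelated request
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        h = hits[m["ip"]]
        h["count"] += 1
        h["answered"] += m["status"] == "200"  # a 200 means something served the page
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
    return dict(hits)

if __name__ == "__main__":
    for ip, h in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, h["count"], h["answered"], h["first"].isoformat(), h["last"].isoformat())
```

A non-zero "answered" count on a network you operate means a device returned the page and its Wi-Fi credentials should be treated as exposed.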

Severity of the flaw

The vulnerability, if exploited, is said to put both company and user data at risk. Services like WiGLE can allow an attacker to get the exact geographical coordinates of a Wi-Fi network based on its SSID. Once the attackers obtain the SSID, they can use it to infect a victim’s network and launch attacks on other nearby devices.

The vulnerability could also allow attackers to build IoT botnets. Mursch explains that the reason behind this is that many users tend to use the same password for both the modem’s Wi-Fi network and backend administration panel.

“This allows any remote user to easily access the device and maliciously modify the device settings or firmware. In addition, they can obtain the phone number tied to the modem and conduct other serious exploits detailed in this Github repository,” Mursch explained in a blog post.

Infected modem model

A vast majority of affected devices were found on the networks that use Orange Espana (AS12479) and are assigned to customers in France and Spain. The honeypot detected that the attackers were scanning 81.38.86.204 - an IP address associated with a Telefonica Spain customer - to exploit the vulnerability in Orange modems.

Both Orange Espana and CERT Spain have been notified about the issue, which Orange’s CERT security team has acknowledged.
